Every Android app is signed with a cryptographic signature. When the app is updated, Android will compare the signatures of the new and old versions, and only allow the update if they match. This is far more secure than having no signing method, but it's not perfect. Development teams have to share a single key, and if a key is lost, a new Play Store listing has to be created.

Android 9.0 Pie aims to solve this problem with a new feature called 'key rotation.' It allows developers to sign apps with a new certificate, by linking the app's past signing certificates to the new one. Here's the full technical explanation from Google:

Android 9 supports APK key rotation, which gives apps the ability to change their signing key as part of an APK update. To make rotation practical, APKs must indicate levels of trust between the new and old signing key. To support key rotation, we updated the APK signature scheme from v2 to v3 to allow the new and old keys to be used.

V3 adds information about the supported SDK versions and a proof-of-rotation struct to the APK signing block. To maintain backward-compatibility with the v1 APK format, v2 and v3 APK signatures are stored inside an APK Signing Block, located immediately before the ZIP Central Directory.

This should reduce headaches when developers lose their signing keys, while also ensuring APKs stay secure. Since this is part of Android 9.0, apps targeting older OS versions can't change their signature. As a result, key rotation probably won't be widely used for another few years.
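As an added illustration (not code from this article or from Google), the Python below locates the APK Signing Block that the quoted passage places immediately before the ZIP Central Directory and reports which signature-scheme pairs it carries, so a reviewer can tell whether an update was built with the v3 scheme that key rotation needs. The APK bytes and pair values are constructed stand-ins; the two scheme IDs are Android's documented v2 and v3 block IDs.

```python
import struct

# Block IDs Android assigns to the v2 and v3 signature schemes inside the APK Signing Block.
SIG_V2_ID = 0x7109871A
SIG_V3_ID = 0xF05368C0
SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIGNATURE = b"PK\x05\x06"  # ZIP End of Central Directory record


def build_signing_block(pairs):
    """Serialise (id, value) pairs into an APK Signing Block: size, pairs, size, magic."""
    body = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in pairs)
    size = len(body) + 8 + len(SIG_BLOCK_MAGIC)  # bytes after the leading size field
    return struct.pack("<Q", size) + body + struct.pack("<Q", size) + SIG_BLOCK_MAGIC


def build_sample_apk(pairs):
    """Constructed stand-in for an APK: placeholder entry, signing block, empty central dir, EOCD."""
    payload = b"PK\x03\x04" + b"\x00" * 26  # placeholder local file header, not a real entry
    block = build_signing_block(pairs)
    cd_offset = len(payload) + len(block)  # central directory starts right after the block
    eocd = EOCD_SIGNATURE + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, cd_offset, 0)
    return payload + block + eocd


def signing_block_ids(apk):
    """Return the set of pair IDs in the APK Signing Block, or None if no well-formed block exists."""
    eocd_at = apk.rfind(EOCD_SIGNATURE)
    if eocd_at < 0:
        return None
    cd_offset = struct.unpack_from("<I", apk, eocd_at + 16)[0]  # central directory offset field
    if cd_offset < 24 or apk[cd_offset - 16:cd_offset] != SIG_BLOCK_MAGIC:
        return None
    size = struct.unpack_from("<Q", apk, cd_offset - 24)[0]  # trailing size field
    start = cd_offset - size - 8
    if start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        return None  # leading and trailing size fields must agree
    ids, pos, end = set(), start + 8, cd_offset - 24
    while pos < end:
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        ids.add(pair_id)
        pos += 8 + length  # length covers the 4-byte ID plus the value
    return ids


def supports_key_rotation(apk):
    """True only when a v3 signature block (the scheme carrying proof-of-rotation) is present."""
    ids = signing_block_ids(apk)
    return ids is not None and SIG_V3_ID in ids
```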

  • Source: Android Developers (1, 2)